TOPIC: How to secure wireless lan

My boss asks me to setup a wireless lan inside a shop in a shopping mall. It is around 1000 sq meter which I plan to setup 8-10 access points (802.11g). Since it is a public area which is very easy to be hacked. Therefore, I'll improve the security by rename default SSID and disable broadcast SSID, enable WEP, build Access Control List. (details at bottom).

According to some books, high securiy can implement firewall or even VPN tunnel between the wired and wireless network (devices). For me, it is still a concept. Can anyone share to me how to equip the WLAN in high security mode ???

SSID (Service Set ID)
SSID is a unique network identifier with a
maximum of 32 characters. Each wireless
access point has to be assigned with an SSID.
The WLAN clients need to know the SSID of the
access point to be connected with. The SSID can
also be used to differentiate one WLAN from
another. The access points and clients
connected to a specific WLAN must use the
same SSID.
WEP (Wired Equivalent Privacy)
As its name say, WEP is designed to provide an
equivalent level of privacy in the wireless
environment as it is in the wired environment.
WEP uses a shared and static key, known to
both access points and clients, to encrypt data
packets before transmission. Up to 4 sets of
static keys can be defined in access
points/clients. WEP uses either a 40-bit or a
128-bit encryption mechanism for encryption.
For most WLAN access points, WEP is disabled
by default.
ACL (Access Control List)
ACL (Access Control List) is used in some WLAN
access points to control client access. The ACL is
usually based on the client’s wireless Ethernet
MAC address which is unique in each client. The
ACL is a database to store the MAC address that
can access the WLAN. If the client’s MAC
address is not listed in the ACL, his/her access
will be denied.

don't know much about wireless networking but you can always try to check your security using some tools that hackers also use for instance:

NetStumbler (Windowsbased): the disadvantage of this application is that it relies on one form of wireless network detection. So when you disable broadcast probe request no networks will be detected.

Kismet (Linuxbased) I believe this is one of the best applications there is (also for wardriving). Cause it has different methods for detecting wireless networks. When it can Kismet will also gather additional information when possible.

wow! thats gonna be a fun task. I setup a small wireless setup in my apartment using the Netgear Wireless 108G router. I posted a post regarding a bottleneck problem. (not wireless but using cat5) I have that router also as my firewall. So I am still looking into that bottleneck problem. But as far as wireless setup I myself am still working and looking more into it. So let me know how that setup goes, would love to hear how it went.